Installation structor updates

changed the default installation used in the linux_build.sh
script to create an installer that by default installs the
application data files in the /var folder instead of
the user specific folder in /home.

also made it so it will now create a system user named after
the name of the application and use that user to run the
systemd service instead of the currently logged in user.
doing this hardens system security by having the application
run as an unprivileged user. this also opens up the
possibility to lock down direct writing access to the host
database to just the internal module (in a future update).

removed the -start command line argument and have just the
-host option to start new host instances. the -start option
would start the host as the current user so i decided to
remove it as a way to encourage end users to start/stop the
host via systemd.
Maurice ONeal 2019-12-24 15:51:10 -05:00
parent 87d9eb0207
commit 4d47fd187f
4 changed files with 55 additions and 51 deletions


@ -10,13 +10,12 @@ Usage: mrci <argument>
<Arguments> <Arguments>
-help : display usage information about this application. -help : display usage information about this application.
-start : start a new host instance in the background. (non-blocking)
-stop : stop the current host instance if one is currently running. -stop : stop the current host instance if one is currently running.
-about : display versioning/warranty information about this application. -about : display versioning/warranty information about this application.
-addr {ip_address:port} : set the listening address and port for TCP clients. -addr {ip_address:port} : set the listening address and port for TCP clients.
-status : display status information about the host instance if it is currently running. -status : display status information about the host instance if it is currently running.
-reset_root : reset the root account password to the default password. -reset_root : reset the root account password to the default password.
-host : this starts a blocking host instance. for internal use only. -host : start a new host instance. (this blocks).
-public_cmds : run the internal module to list it's public commands. for internal use only. -public_cmds : run the internal module to list it's public commands. for internal use only.
-exempt_cmds : run the internal module to list it's rank exempt commands. for internal use only. -exempt_cmds : run the internal module to list it's rank exempt commands. for internal use only.
-user_cmds : run the internal module to list it's user commands. for internal use only. -user_cmds : run the internal module to list it's user commands. for internal use only.


@ -5,12 +5,12 @@ installer_file="$2"
src_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" src_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
bin_name="mrci" bin_name="mrci"
app_version="2.1.2" app_version="2.1.3"
app_name="MRCI" app_name="MRCI"
install_dir="/opt/$bin_name" install_dir="/opt/$bin_name"
var_dir="/var/opt/$bin_name"
bin_dir="/usr/bin" bin_dir="/usr/bin"
tmp_dir="$HOME/.cache/mrci_build" tmp_dir="$HOME/.cache/mrci_build"
user="$USER"
if [ ! -d "$qt_dir" ]; then if [ ! -d "$qt_dir" ]; then
@ -32,14 +32,14 @@ fi
if [ -d "$tmp_dir" ]; then if [ -d "$tmp_dir" ]; then
rm -rfv $tmp_dir rm -rf $tmp_dir
fi fi
if [ $? -eq 0 -a -d "$qt_dir" ]; then if [ $? -eq 0 -a -d "$qt_dir" ]; then
mkdir -vp $tmp_dir mkdir -vp $tmp_dir
cp -rv $src_dir/. $tmp_dir cp -r $src_dir/. $tmp_dir
cd $tmp_dir cd $tmp_dir
qmake -config release qmake -config release
@ -68,6 +68,7 @@ if [ $? -eq 0 -a -d "$qt_dir" ]; then
echo "export QTDIR=$install_dir" >> $startup_script echo "export QTDIR=$install_dir" >> $startup_script
echo "export QT_PLUGIN_PATH=$install_dir" >> $startup_script echo "export QT_PLUGIN_PATH=$install_dir" >> $startup_script
echo "export LD_LIBRARY_PATH=\"$install_dir/lib:\$LD_LIBRARY_PATH\"" >> $startup_script echo "export LD_LIBRARY_PATH=\"$install_dir/lib:\$LD_LIBRARY_PATH\"" >> $startup_script
echo "export MRCI_DB_PATH=$var_dir/data.db" >> $startup_script
echo "$install_dir/$bin_name \$1 \$2 \$3" >> $startup_script echo "$install_dir/$bin_name \$1 \$2 \$3" >> $startup_script
echo "#!/bin/sh" > $setup_script echo "#!/bin/sh" > $setup_script
@ -77,43 +78,57 @@ if [ $? -eq 0 -a -d "$qt_dir" ]; then
echo "if [ ! -d \"$install_dir\" ]; then" >> $setup_script echo "if [ ! -d \"$install_dir\" ]; then" >> $setup_script
echo " sudo mkdir -p $install_dir" >> $setup_script echo " sudo mkdir -p $install_dir" >> $setup_script
echo "fi" >> $setup_script echo "fi" >> $setup_script
echo "sudo cp -rfv ./lib $install_dir" >> $setup_script echo "if [ ! -d \"$var_dir\" ]; then" >> $setup_script
echo "sudo cp -rfv ./sqldrivers $install_dir" >> $setup_script echo " sudo mkdir -p $var_dir" >> $setup_script
echo "sudo cp -fv ./$bin_name $install_dir" >> $setup_script echo "fi" >> $setup_script
echo "sudo cp -fv ./$bin_name.sh $install_dir" >> $setup_script echo "cp -rfv ./lib $install_dir" >> $setup_script
echo "sudo cp -fv ./uninstall.sh $install_dir" >> $setup_script echo "cp -rfv ./sqldrivers $install_dir" >> $setup_script
echo "sudo cp -fv ./$bin_name.service /etc/systemd/system/$bin_name@$USER.service" >> $setup_script echo "cp -fv ./$bin_name $install_dir" >> $setup_script
echo "sudo chmod 755 $install_dir/$bin_name" >> $setup_script echo "cp -fv ./$bin_name.sh $install_dir" >> $setup_script
echo "sudo chmod 755 $install_dir/$bin_name.sh" >> $setup_script echo "cp -fv ./uninstall.sh $install_dir" >> $setup_script
echo "sudo chmod 755 $install_dir/uninstall.sh" >> $setup_script echo "cp -fv ./$bin_name.service /etc/systemd/system/$bin_name.service" >> $setup_script
echo "sudo chmod 755 $install_dir" >> $setup_script echo "useradd -r $bin_name" >> $setup_script
echo "sudo chmod -R 755 $install_dir/lib" >> $setup_script echo "chmod 755 $install_dir/$bin_name" >> $setup_script
echo "sudo chmod -R 755 $install_dir/sqldrivers" >> $setup_script echo "chmod 755 $install_dir/$bin_name.sh" >> $setup_script
echo "sudo chmod 755 /etc/systemd/system/$bin_name@$USER.service" >> $setup_script echo "chmod 755 $install_dir/uninstall.sh" >> $setup_script
echo "sudo ln -sf $install_dir/$bin_name.sh $bin_dir/$bin_name" >> $setup_script echo "chmod 755 $install_dir" >> $setup_script
echo "sudo systemctl start $bin_name@$USER" >> $setup_script echo "chmod -R 755 $install_dir/lib" >> $setup_script
echo "sudo systemctl enable $bin_name@$USER" >> $setup_script echo "chmod -R 755 $install_dir/sqldrivers" >> $setup_script
echo "echo \"\nInstallation finished. If you ever need to uninstall this application, run this command:\n\"" >> $setup_script echo "chmod 755 /etc/systemd/system/$bin_name.service" >> $setup_script
echo "echo \" sh $install_dir/uninstall.sh\n\"" >> $setup_script echo "chown -R $bin_name:$bin_name $var_dir" >> $setup_script
echo "chmod -R 755 $var_dir" >> $setup_script
echo "ln -sf $install_dir/$bin_name.sh $bin_dir/$bin_name" >> $setup_script
echo "systemctl start $bin_name" >> $setup_script
echo "systemctl enable $bin_name" >> $setup_script
echo "if [ \$? -eq 0 ]; then" >> $setup_script
echo " echo \"\nInstallation finished. If you ever need to uninstall this application, run this command:\n\"" >> $setup_script
echo " echo \" $install_dir/uninstall.sh\n\"" >> $setup_script
echo "fi" >> $setup_script
echo "[Unit]" > $service_file echo "[Unit]" > $service_file
echo "Description=$app_name host" >> $service_file echo "Description=$app_name Host Daemon" >> $service_file
echo "After=network.target" >> $service_file echo "After=network.target" >> $service_file
echo "" >> $service_file echo "" >> $service_file
echo "[Service]" >> $service_file echo "[Service]" >> $service_file
echo "Type=simple" >> $service_file echo "Type=simple" >> $service_file
echo "User=%i" >> $service_file echo "User=$bin_name" >> $service_file
echo "Restart=on-failure" >> $service_file
echo "RestartSec=5" >> $service_file
echo "TimeoutStopSec=infinity" >> $service_file
echo "ExecStart=/usr/bin/env $bin_name -host" >> $service_file echo "ExecStart=/usr/bin/env $bin_name -host" >> $service_file
echo "ExecStop=/usr/bin/env $bin_name -stop" >> $service_file
echo "" >> $service_file echo "" >> $service_file
echo "[Install]" >> $service_file echo "[Install]" >> $service_file
echo "WantedBy=multi-user.target" >> $service_file echo "WantedBy=multi-user.target" >> $service_file
echo "#!/bin/sh" > $uninstall_script echo "#!/bin/sh" > $uninstall_script
echo "sudo systemctl -q stop $bin_name@$USER" >> $uninstall_script echo "systemctl -q stop $bin_name" >> $uninstall_script
echo "sudo systemctl -q disable $bin_name@$USER" >> $uninstall_script echo "systemctl -q disable $bin_name" >> $uninstall_script
echo "sudo rm -v /etc/systemd/system/$bin_name@$USER.service" >> $uninstall_script echo "rm -v /etc/systemd/system/$bin_name.service" >> $uninstall_script
echo "sudo rm -v $bin_dir/$bin_name" >> $uninstall_script echo "rm -v $bin_dir/$bin_name" >> $uninstall_script
echo "sudo rm -rv $install_dir" >> $uninstall_script echo "rm -rv $install_dir" >> $uninstall_script
echo "chown -R root:root $var_dir" >> $uninstall_script
echo "deluser $bin_name" >> $uninstall_script
chmod +x $setup_script chmod +x $setup_script
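Review bot: The generated setup script finishes the data directory with `chmod -R 755 $var_dir`, which leaves everything under `$var_dir` readable by every local account (the database path exported as `MRCI_DB_PATH=$var_dir/data.db` lives there) and undercuts the dedicated service user this commit introduces. Since the directory is already handed to that user by `chown -R $bin_name:$bin_name $var_dir`, I would emit `chmod 750 $var_dir` instead and not set the execute bit on data files; whether CLI calls such as `-status` made by ordinary users need to reach the directory is not visible here and should be confirmed first. The setup and uninstall scripts also dropped `sudo` without adding a check that they run as root, so a comment in linux_build.sh stating that the installer must be run as root would document the new requirement. Finally, `useradd -r $bin_name` is undone in the uninstaller with `deluser $bin_name`, which is not available on every distribution; `userdel $bin_name` is the counterpart of `useradd`.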


@ -37,25 +37,27 @@
#include "shell.h" #include "shell.h"
#define APP_NAME "MRCI" #define APP_NAME "MRCI"
#define APP_VER "2.1.2" #define APP_VER "2.1.3"
#define APP_TARGET "mrci" #define APP_TARGET "mrci"
#ifdef Q_OS_WIN #ifdef Q_OS_WIN
#define DEFAULT_MAILBIN "%COMSPEC%" #define DEFAULT_MAILBIN "%COMSPEC%"
#define DEFAULT_MAIL_SEND "echo %message_body% | mutt -s %subject% %target_email%" #define DEFAULT_MAIL_SEND "echo %message_body% | mutt -s %subject% %target_email%"
#define DEFAULT_DB_PATH "%LOCALAPPDATA%\\%EXENAME%\\data.db" #define DEFAULT_DB_PATH "%PROGRAMDATA%\\mrci\\data.db"
#define DEFAULT_WORK_DIR "%PROGRAMDATA%\\mrci"
#else #else
#define DEFAULT_MAILBIN "/bin/sh" #define DEFAULT_MAILBIN "/bin/sh"
#define DEFAULT_MAIL_SEND "-c \"echo %message_body% | mutt -s %subject% %target_email%\"" #define DEFAULT_MAIL_SEND "-c \"echo %message_body% | mutt -s %subject% %target_email%\""
#define DEFAULT_DB_PATH "$HOME/.$EXENAME/data.db" #define DEFAULT_DB_PATH "/var/opt/mrci/data.db"
#define DEFAULT_WORK_DIR "/var/opt/mrci"
#endif #endif
#define ENV_DB_PATH "MRCI_DB_PATH" #define ENV_DB_PATH "MRCI_DB_PATH"
#define ENV_EXENAME "EXENAME" #define ENV_WORK_DIR "MRCI_WORK_DIR"
#define ROOT_USER "root" #define ROOT_USER "root"
#define SUBJECT_SUB "%subject%" #define SUBJECT_SUB "%subject%"
#define MSG_SUB "%message_body%" #define MSG_SUB "%message_body%"
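Review bot: The new Windows defaults `"%PROGRAMDATA%\\mrci\\data.db"` and `"%PROGRAMDATA%\\mrci"` move the database from a per-user profile to a machine-wide location, and nothing visible in this commit restricts who can read or write that folder. On a default Windows install, directories created under ProgramData are typically accessible to ordinary users through inherited permissions, so whatever creates this directory should restrict its ACL to the service account and administrators. The requirement deserves a comment next to the define, e.g. `// directory must be ACL-restricted to the service account; it holds the host database`. On Linux the ownership of /var/opt/mrci is set by the installer script in this same commit, so only the Windows path is left without an equivalent step.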


@ -60,13 +60,12 @@ void showHelp()
txtOut << "Usage: " << APP_TARGET << " <argument>" << endl << endl; txtOut << "Usage: " << APP_TARGET << " <argument>" << endl << endl;
txtOut << "<Arguments>" << endl << endl; txtOut << "<Arguments>" << endl << endl;
txtOut << " -help : display usage information about this application." << endl; txtOut << " -help : display usage information about this application." << endl;
txtOut << " -start : start a new host instance in the background. (non-blocking)" << endl;
txtOut << " -stop : stop the current host instance if one is currently running." << endl; txtOut << " -stop : stop the current host instance if one is currently running." << endl;
txtOut << " -about : display versioning/warranty information about this application." << endl; txtOut << " -about : display versioning/warranty information about this application." << endl;
txtOut << " -addr {ip_address:port} : set the listening address and port for TCP clients." << endl; txtOut << " -addr {ip_address:port} : set the listening address and port for TCP clients." << endl;
txtOut << " -status : display status information about the host instance if it is currently running." << endl; txtOut << " -status : display status information about the host instance if it is currently running." << endl;
txtOut << " -reset_root : reset the root account password to the default password shown below." << endl; txtOut << " -reset_root : reset the root account password to the default password shown below." << endl;
txtOut << " -host : this starts a blocking host instance. for internal use only." << endl; txtOut << " -host : start a new host instance. (this blocks)" << endl;
txtOut << " -public_cmds : run the internal module to list it's public commands. for internal use only." << endl; txtOut << " -public_cmds : run the internal module to list it's public commands. for internal use only." << endl;
txtOut << " -exempt_cmds : run the internal module to list it's rank exempt commands. for internal use only." << endl; txtOut << " -exempt_cmds : run the internal module to list it's rank exempt commands. for internal use only." << endl;
txtOut << " -user_cmds : run the internal module to list it's user commands. for internal use only." << endl; txtOut << " -user_cmds : run the internal module to list it's user commands. for internal use only." << endl;
@ -110,12 +109,12 @@ int main(int argc, char *argv[])
serializeThread(app.thread()); serializeThread(app.thread());
QDir::setCurrent(QDir::homePath()); QString workDir = expandEnvVariables(qEnvironmentVariable(ENV_WORK_DIR, DEFAULT_WORK_DIR));
QDir::setCurrent(workDir);
QCoreApplication::setApplicationName(APP_NAME); QCoreApplication::setApplicationName(APP_NAME);
QCoreApplication::setApplicationVersion(APP_VER); QCoreApplication::setApplicationVersion(APP_VER);
qputenv(ENV_EXENAME, APP_TARGET);
QString err; QString err;
QStringList args = QCoreApplication::arguments(); QStringList args = QCoreApplication::arguments();
bool dbFail = false; bool dbFail = false;
@ -225,17 +224,6 @@ int main(int argc, char *argv[])
} }
} }
} }
else if (args.contains("-start", Qt::CaseInsensitive))
{
if (dbFail)
{
soeDueToDbErr(&ret);
}
else
{
QProcess::startDetached(QCoreApplication::applicationFilePath(), QStringList() << "-host");
}
}
else if (args.contains("-stop", Qt::CaseInsensitive) || args.contains("-status", Qt::CaseInsensitive)) else if (args.contains("-stop", Qt::CaseInsensitive) || args.contains("-status", Qt::CaseInsensitive))
{ {
ret = shellToHost(args, app); ret = shellToHost(args, app);
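Review bot: In the `main` hunk that introduces `workDir`, the result of `QDir::setCurrent(workDir)` is discarded, so when the directory is missing or not accessible to the service user the host carries on in whatever directory it inherited. The path comes from the `MRCI_WORK_DIR` environment variable when that is set, so a mistyped or unexpected value fails silently as well. I would check the return value and stop with an error, e.g. `if (!QDir::setCurrent(workDir)) { /* report workDir and return non-zero */ }`. `main` starts and ends outside the visible hunks, so how it reports errors elsewhere is not shown here.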